Bob Hanson writes:
On Sun, 5 Jan 2014 20:09:23 -0600, Tim Peters wrote:
As Benjamin asked, could you please flesh out what "blah-blah-blah-dot-com" means - what, exactly, was the site your firewall warned you about?
Forgive me, but I'm an old man with very poor vision. Using my magnifying glass, I see it is two very long URLs ending with something like after the blah-blah: < ... akametechnology.com>
I suppose you tried cutting and pasting? Note that you don't need to be exact as long as you're pretty sure you got the whole thing -- your readers who have better eyesight can parse out the URL easily enough.
More precisely, these two IP addresses: 23.59.190.113:80 23.59.190.106:80
Somebody who doesn't know the rules of capitalization (see ww1.akamitechnologies.com) appears to be spoofing Akamai (the web caching/distribution service used by President Obama among other prominent users). The domain referenced is presumably some variation on <IP address>.deploy.static.akamitechnologies.com (according to host <IP>), and the long URL is rooted at /ses/ so it's trying to convince you it's a session (whether that is actually true or not I don't know, that's just what I would guess if I were trying to reverse engineer an honest URL, which this sure doesn't seem to be). So your alarm seems to be verified, but why this happened to a Python download I don't know. It could be DNS hacking between you and python.org, as well as something in the Python MSI. HTH Steve